Code commits
Openfire (master)
-
daryl herzmann <akrherz@iastate.edu> 2d0ef93add8a75ff2b012a1214e3ce5389b0d4d1
Merge pull request #2079 from guusdk/OF-2467_MUC-affiliation-change-page-reload
OF-2467: Do not reload admin page when changing MUC affiliation dropdown -
daryl herzmann <akrherz@iastate.edu> 31ab2cc7bbb715e5b16d5cefeca7551601a6ddaa
Merge pull request #2080 from guusdk/OF-2466_MUC-affiliation-groups-sorted
OF-2466: Groups presented in MUC room affiliation page should be ordered -
Guus der Kinderen c59fa0ba5bbf4452ff7529f514e3422ca973ef98
OF-2466: Groups presented in MUC room affiliation page should be ordered
- xmppserver/src/main/webapp/muc-room-affiliations.jsp (version c59fa0ba5bbf4452ff7529f514e3422ca973ef98)
-
Guus der Kinderen 4a058d00ea8e39cf34cb21d99178db21da9e90fb
OF-2467: Do not reload admin page when changing MUC affiliation dropdown
The admin console page that allows you to change MUC room permissions / affiliations has a drop-down box that lists all possible affiliations. Whenever that drop-down is changed, the page used to reload, causing all modifications to be lost. This was done to show or hide the 'nickname' input field.
This commit shows/hides that field with javascript magic, removing the need for a page reload.- xmppserver/src/main/webapp/muc-room-affiliations.jsp (version 4a058d00ea8e39cf34cb21d99178db21da9e90fb)
-
daryl herzmann <akrherz@iastate.edu> de035f3cb9eb362d79a2d2532dc396433d9d61ea
Merge pull request #2056 from guusdk/OF-2459_admin-console-tweaks
OF-2459 admin console tweaks -
daryl herzmann <akrherz@iastate.edu> d171f437c6af77186f82c6bc9aab8ffe6b19236e
Merge pull request #2054 from guusdk/OF-2413_fix-missing-close
OF-2413: Ensure that connections are closed, when no error occurs. -
daryl herzmann <akrherz@iastate.edu> 1fc2239f96aa9993f629fb9363a239cd4ec455ed
Merge pull request #2046 from guusdk/OF-2443_SASL-PLAIN-Authmapping
Minor changes to SASL implementation -
daryl herzmann <akrherz@iastate.edu> 31eeffae89c57c8c02d89c2ea5c5f07a2334872e
Merge pull request #2077 from guusdk/OF-2480_admin-console-availability-after-setup
OF-2480: Ensure that admin console starts after setup -
daryl herzmann <akrherz@iastate.edu> 3c74bf6dbcff4fc3338492374cf58c2b90dc0978
Merge pull request #2076 from guusdk/OF-2473_Deadlock-websockets
OF-2473: Prevent websocket deadlock -
daryl herzmann <akrherz@iastate.edu> 674db4574368b2f976cc2457788fa50942749786
Merge pull request #2075 from guusdk/OF-2479_Websocket-replace-stream-element
OF-2479: Allow clients that do websockets without the required XMPP framing -
daryl herzmann <akrherz@iastate.edu> e06ee886fee5bba2bf235edc5e2e620c0533df21
Merge pull request #2073 from guusdk/OF-2472_Admin-console-pubsub-order
fixes OF-2472: Pubsub node summary pages should be sortable -
daryl herzmann <akrherz@iastate.edu> d7e1b700b1808c3e953a3dad0b36bd699e833f08
Merge pull request #2045 from guusdk/OF-2435_update-to-MINA-2.2.0
OF-2435: Update Apache MINA to version 2.2.1 -
Guus der Kinderen 02703660bd988fc00c31bb29b41b6d459300c682
OF-2480: Ensure that admin console starts after setup
During setup, the CertificateStore manager is started briefly, to ensure that it contains at least a minimum viable certificate. After this has been established, it is shut down again.
This brief occurrence starts an entity that watches the file system for changes (OF-1373: Allow certificate changes to be applied without a restart). Having this watcher running prevents the admin console webserver from being restarted quickly, causing the admin console to be unavailable for about half a minute.
With the changes in this commit, the initial start of CertificateStoreManager will now happen without the 'watching' being started. This prevents issues with reloading the web server.- xmppserver/src/main/java/org/jivesoftware/openfire/XMPPServer.java (version 02703660bd988fc00c31bb29b41b6d459300c682)
- xmppserver/src/main/java/org/jivesoftware/openfire/keystore/CertificateStoreManager.java (version 02703660bd988fc00c31bb29b41b6d459300c682)
-
Guus der Kinderen 2e5dd6a1e0bce5d2b88c4d319d9680e65aa0f58c m
OF-2435: Update Apache MINA to version 2.2.1
By updating to Apache MINA to its 2.2 branch, a new TLS implementation is pulled in. In testing, this version has shown to resolve the issues with TLSv1.3 in direct TLS and StartTLS that are described in OF-2435.- pom.xml (version 2e5dd6a1e0bce5d2b88c4d319d9680e65aa0f58c)
- xmppserver/src/main/java/org/jivesoftware/openfire/net/StartTlsFilter.java (version 2e5dd6a1e0bce5d2b88c4d319d9680e65aa0f58c)
- xmppserver/src/main/java/org/jivesoftware/openfire/nio/NIOConnection.java (version 2e5dd6a1e0bce5d2b88c4d319d9680e65aa0f58c)
- xmppserver/src/main/java/org/jivesoftware/openfire/spi/ConnectionManagerImpl.java (version 2e5dd6a1e0bce5d2b88c4d319d9680e65aa0f58c)
- xmppserver/src/main/java/org/jivesoftware/openfire/spi/EncryptionArtifactFactory.java (version 2e5dd6a1e0bce5d2b88c4d319d9680e65aa0f58c)
-
Guus der Kinderen ba3f90721b742673513373a796fbfb53bde2ff3d
OF-2420: Small fix for layout of LDAP test data
- xmppserver/src/main/webapp/setup/setup-ldap-user_test.jsp (version ba3f90721b742673513373a796fbfb53bde2ff3d)
- xmppserver/src/main/webapp/style/ldap.css (version ba3f90721b742673513373a796fbfb53bde2ff3d)
- xmppserver/src/main/webapp/style/setup.css (version ba3f90721b742673513373a796fbfb53bde2ff3d)
-
Guus der Kinderen c68778b3c436359c1e1c6ade5a190bf10ed4a251
OF-2420: Fix width of LDAP group test dialog.
- xmppserver/src/main/webapp/style/ldap.css (version c68778b3c436359c1e1c6ade5a190bf10ed4a251)
- xmppserver/src/main/webapp/style/setup.css (version c68778b3c436359c1e1c6ade5a190bf10ed4a251)
-
Dan Caseley <dan@caseley.me.uk> 5effab9ba0678bdc3e8a48c16f56177d1ccf7c02
OF-2420: Fix test pages for display in a dialog component
- xmppserver/src/main/webapp/setup/setup-ldap-group_test.jsp (version 5effab9ba0678bdc3e8a48c16f56177d1ccf7c02)
- xmppserver/src/main/webapp/setup/setup-ldap-user_test.jsp (version 5effab9ba0678bdc3e8a48c16f56177d1ccf7c02)
-
Guus der Kinderen 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859
OF-2420: Replace Lightbox in LDAP setup
Instead of the outdated 'lightbox' javascript library, use a HTML 'dialog'.- xmppserver/src/main/webapp/ldap-group.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/ldap-server.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/ldap-user.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/ldap-group.jspf (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/ldap-server.jspf (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/ldap-user.jspf (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/setup-admin-settings_test.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/setup-ldap-group_test.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/setup-ldap-server_test.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/setup/setup-ldap-user_test.jsp (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
- xmppserver/src/main/webapp/style/setup.css (version 1be7413cbba154ecb9931bcbcbc9fbbd5e34e859)
-
Guus der Kinderen 15601b864af223e275cffb767ab7ad59f732178e
OF-2420: Remove lightbox.js and lightbox.css
Usage has been removed in the previous commit.- xmppserver/src/main/webapp/decorators/setup.jsp (version 15601b864af223e275cffb767ab7ad59f732178e)
- xmppserver/src/main/webapp/js/lightbox.js (version 15601b864af223e275cffb767ab7ad59f732178e)
- xmppserver/src/main/webapp/style/lightbox.css (version 15601b864af223e275cffb767ab7ad59f732178e)
-
Guus der Kinderen 7351f32b8ff3099cac4fa555c378bfff643d17e2
OF-2473: Guard access to websocket session state
By having more asynchronous operations being introduced as part of OF-2473, the need to guard state increased. This commit adds some mutexes.- xmppserver/src/main/java/org/jivesoftware/openfire/websocket/XmppWebSocket.java (version 7351f32b8ff3099cac4fa555c378bfff643d17e2)
-
Guus der Kinderen d12ce194a25e2851616c7c40c29bc3b1bce44176
OF-2473: Ensure throwables are not lost
If the implementation of the `@OnWebSocketError` annotated methods throws an exception, this exception should not be lost.- xmppserver/src/main/java/org/jivesoftware/openfire/websocket/XmppWebSocket.java (version d12ce194a25e2851616c7c40c29bc3b1bce44176)
-
Guus der Kinderen 81a52bde83304e1e3baba95a8e1a56cdc226d91a
OF-2473: Prevent websocket deadlock
Jetty's websocket implementation invokes `@OnWebSocketError` and `@OnWebSocketClose` annotated methods when certain erroneous conditions occur. These invocations happen synchronously.
As a result, a 'close' operation is called synchronously to the processing of the original request, which can happen under guard of a mutex. This leads to the 'close' implementation being called while a mutex is held that is intended to be held only while inbound data is being processed. This has lead to deadlocks.
An example scenario is when a websocket request arrives that asks to close the connection. Sometimes (presumably if the per immediately disconnects the connection, rather than waiting for an answer), returning a response fails ('EOF'). This then triggers error handling.
This commit makes the `@OnWebSocketError` and `@OnWebSocketClose` methods be asynchronous, to ensure that its processing is decoupled from the inbound data that might have tirggered their invocation.- xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpSessionManager.java (version 81a52bde83304e1e3baba95a8e1a56cdc226d91a)
- xmppserver/src/main/java/org/jivesoftware/openfire/websocket/XmppWebSocket.java (version 81a52bde83304e1e3baba95a8e1a56cdc226d91a)
-
Guus der Kinderen 708e3445efbb082a5378ddbfd664b5851361d93a
OF-2479: Allow clients that do websockets without the required XMPP framing
This basically is a hack to get Tsung to connect to Openfire of websockets.
The functionality introduced here is switched off by default. If enabled, it replaces `stream` element names with `open` and `close` where appropriate, to conform to 'XMPP framing' as described in https://datatracker.ietf.org/doc/html/rfc7395#section-3.3- i18n/src/main/resources/openfire_i18n.properties (version 708e3445efbb082a5378ddbfd664b5851361d93a)
- xmppserver/src/main/java/org/jivesoftware/openfire/websocket/XmppWebSocket.java (version 708e3445efbb082a5378ddbfd664b5851361d93a)
-
Guus der Kinderen 8e0606a50eb5143b0de9aaf169c0703448beb04b m
feedback on fix forOF-2472: replace string usage with constants
- xmppserver/src/main/java/org/jivesoftware/util/ListPager.java (version 8e0606a50eb5143b0de9aaf169c0703448beb04b)
-
Guus der Kinderen 07d1984bb4982b9c005f99c2db275cac834ee7d6 m
fixes OF-2472: Pubsub node summary pages should be sortable
This adds 'sorting' functionality to the admin console pages that show pubsub node listings (for both the pubsub service, as well as each PEP service).
The changes are largely implemented in the generic, pre-existing ListPager implementation, in the hope that they are re-useable for other pages.- xmppserver/src/main/java/org/jivesoftware/openfire/pubsub/PubsubNodeResultFilter.java (version 07d1984bb4982b9c005f99c2db275cac834ee7d6)
- xmppserver/src/main/java/org/jivesoftware/util/ListPager.java (version 07d1984bb4982b9c005f99c2db275cac834ee7d6)
- xmppserver/src/main/webapp/pubsub-node-summary.jsp (version 07d1984bb4982b9c005f99c2db275cac834ee7d6)
-
Guus der Kinderen 60b24b6499e113f240ecfaa78c4b9ed2695e257d m
Replace properties with shorthand in CSS
- xmppserver/src/main/webapp/style/global.css (version 60b24b6499e113f240ecfaa78c4b9ed2695e257d)
-
Guus der Kinderen 50dfa43a5e8036c493f3fdac9c4784937bc91f31 m
Fix reference to generic font-family name in CSS
- xmppserver/src/main/webapp/style/global.css (version 50dfa43a5e8036c493f3fdac9c4784937bc91f31)
-
Guus der Kinderen 305edb0d04b2e934d0d1809d30197f578a9649a2 m
Remove redundant unit qualifier from CSS
- xmppserver/src/main/webapp/style/global.css (version 305edb0d04b2e934d0d1809d30197f578a9649a2)
-
Guus der Kinderen 77fa10f4075398b25624d43c112292f372ab9da9 m
OF-2459: Tweaks to Admin Console css
- xmppserver/src/main/webapp/muc-room-edit-form.jsp (version 77fa10f4075398b25624d43c112292f372ab9da9)
- xmppserver/src/main/webapp/style/global.css (version 77fa10f4075398b25624d43c112292f372ab9da9)
-
Guus der Kinderen 5bab9980e6e578e7589f134b8b13de77f618e17e m
OF-2413: Ensure that connections are closed, when no error occurs.
The fix (which as of yet is unreleased) for OF-2413 introduces a bug, where a call to close() doesn't do anything anymore.
This bug is introduced in commit 257806e4ce061462de782d69fe5afeabdcdc9264, which was merged in the main branch of the Openfire repository with pull request https://github.com/igniterealtime/Openfire/pull/2026. No releases have been made from that branch, since this issue was introduced. By merging this change prior to the next release of the main branch (expected to be v4.8.0), the bug can be fixed before it was ever released.- xmppserver/src/main/java/org/jivesoftware/openfire/net/VirtualConnection.java (version 5bab9980e6e578e7589f134b8b13de77f618e17e)
-
Guus der Kinderen cd0e57d95789c64746c32bf7a187290331821696 m
OF-2443: SASL PLAIN should use AuthorizationMapper when no authzid is provided
When a client authenticates, but does not provide an identity to act as ('authorization identity'), then the server needs to determine one. Typically, this is the same value as the authentiation identity (whose password was used), but there are subtleties to this.
Openfire provides a pluggable framework for this purpose. This framework should be used by all authentiation methods, but was not used by the SASL PLAIN implementation. That caused this mechanism to behave differently from others. In a default configuration, it disallows users to log in using a bare JID (as opposed to a username/localpart), while other mechanisms allow for this.- xmppserver/src/main/java/org/jivesoftware/openfire/sasl/SaslServerPlainImpl.java (version cd0e57d95789c64746c32bf7a187290331821696)
-
Guus der Kinderen 017ee73d82f18c4907180f44ecbc5d6cdf6152a1 m
Rename 'principal' and 'username' to 'authcid' and 'authzid'
The existing code uses 'principal' and 'username' to distinghish between the identity whose password will be used and the identity to act as.
These terms are fairly specific to Java. This commit replaces them with 'authentication identity' (or authcid) and 'authorization identity' (authzid) respectively, which are more commonly used in context of SASL authentication.
Additional minor changes are made to log messages and javadoc. No functional changes are intended to be introduced by this commit.- xmppserver/src/main/java/org/jivesoftware/openfire/auth/AuthorizationManager.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/AuthorizationMapping.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/AuthorizationPolicy.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/DefaultAuthorizationMapping.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/DefaultAuthorizationPolicy.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/ldap/LdapAuthorizationMapping.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/ldap/LdapAuthorizationPolicy.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/ldap/LdapManager.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/net/XMPPCallbackHandler.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/sasl/SaslServerPlainImpl.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
- xmppserver/src/main/java/org/jivesoftware/openfire/sasl/VerifyPasswordCallback.java (version 017ee73d82f18c4907180f44ecbc5d6cdf6152a1)
-
Guus der Kinderen be0eb669f87392affb67adddabd1571351e3ae40 m
Refactor some SASL properties to use SystemProperties
This change makes the following pre-existing properties use SystemProperties, which has the effect of them becoming dynamic (changes no longer requiring an Openfire restart).
- sasl.realm (The realm used for SASL authentication, which can be used when realms that are passed through SASL are different from the XMPP domain name)
- sasl.approvedRealms (A collection of realm names that can be used for SASL authentication. This can be used when realms that are passed through SASL are different from the XMPP domain name)
- sasl.proxyAuth (Controls if Openfire's default authorization policy allows authentication identities (identity whose password will be used) that are different from authorization identities (identity to act as))
- xmpp.auth.ignorecase (Controls if Openfire's default authorization policy is case-sensitive)- i18n/src/main/resources/openfire_i18n.properties (version be0eb669f87392affb67adddabd1571351e3ae40)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/AuthorizationManager.java (version be0eb669f87392affb67adddabd1571351e3ae40)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/DefaultAuthorizationMapping.java (version be0eb669f87392affb67adddabd1571351e3ae40)
- xmppserver/src/main/java/org/jivesoftware/openfire/auth/DefaultAuthorizationPolicy.java (version be0eb669f87392affb67adddabd1571351e3ae40)
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version be0eb669f87392affb67adddabd1571351e3ae40)